How ServiceNow Segments Across Azure and AWS With Illumio

For leading IT platform ServiceNow, running a $3.5BN cloud-based software business means blue chip cloud security, including microsegmentation of its critical services.

It also means accountability — because serving 80% of the Fortune 500 requires flexibility to maintain compliance with regular client audits.

Principal IT Security Architect Joel Duisman needed a solution that allowed uniform security policy across multi-cloud and on-premises environments – and maintained visibility for client auditing — at a low operational burden.

Multi-cloud microsegmentation

To meet enterprise-grade cloud requirements, the solution had to work across ServiceNow’s multi-cloud deployment on Microsoft Azure, AWS, and on-premises data centers, and across locations globally.

After an unsuccessful attempt with a virtualization-based solution, and a second failed try using a small-scale vendor tool that wasn’t fully baked, it was time to refine the microsegmentation strategy. The team chose Illumio Core to secure domain controllers and internal core services.

Securing domain controllers is key

First, ServiceNow needed to address flat network concerns. The team wanted to ringfence critical services, including Domain Controllers, by segmenting the network, to create isolated zones of least privilege access.

Active Directory Domain Controllers are the keys to the kingdom for malicious actors. They offer a directory to allow access to everything else on the network, letting attackers map out your assets, see what you have, and see who's admin.

For this reason, it’s best practice for companies segmenting their crown jewel databases and applications to also tightly ringfence Domain Controllers, along with other critical services. Because otherwise you’re leaving a skeleton key under the mat.

Traffic visibility and Splunk integration

Not only did deployment go off without a hitch, but there were no service interruptions. The team has found the visibility gained across their environments using Illumio’s real-time application dependency map, Illumination, to be valuable for high-quality information on traffic patterns — even for compliance, incident response, and disaster recovery testing.

“The gold standard up until now has been full packet capture, but that is expensive and takes a lot of effort. Illumio provides the solution to two security challenges. The map allows us to see what is talking to what and to go back to a server and see when the server’s behavior changes. We use Illumio’s integration with Splunk for quick insights and alerts. We feel confident that we’re protected. Illumio makes it easy to become a real expert at your own application behavior.”

Learn more about how ServiceNow got microsegmentation and visibility that works across locations globally, and seamless security policies and visibility with proven reliability and simplicity, addressing flat network concerns here.